Permission Management
This guide explains how to configure roles, navigation visibility, and fine-grained permissions using the platform's management interface. These settings control what users can see and do based on their assigned role.
Permission management is only available to Platform Administrators. Other users will see an "Access Denied" message.
Accessing Permission Management
Navigate to Management in the sidebar to access the permission management pages:
Screenshot: Management Sidebar
Shows Management menu with Roles, Permissions, Navigation, and Users options
The Management section includes:
| Page | Purpose |
|---|---|
| Roles | View all roles and compare permission statistics |
| Permissions | Configure fine-grained resource/action permissions |
| Navigation | Control sidebar menu visibility per role |
| Users | Manage user accounts and role assignments |
Roles
The Roles page provides an overview of all system roles and their permission statistics.
Roles Overview
Screenshot: Roles Overview Page
Shows list of roles with permission counts, granted counts, and navigation item counts
The roles table displays:
- Role Name — Display name and system indicator
- Permission Count — Total number of permission records for this role
- Granted — Number of permissions that are enabled
- Nav Items — Number of visible navigation items
Comparing Roles
To understand the differences between two roles, use the Compare Roles feature:
- Click Compare Roles button
- Select two roles from the dropdown menus
- View side-by-side permission comparison
Screenshot: Role Comparison Dialog
Shows two roles side-by-side with checkmarks indicating which permissions each role has
The comparison shows:
- Resources and actions in rows
- Checkmarks for each role's granted permissions
- Differences highlighted for easy identification
Permissions
The Permissions page allows fine-grained control over what actions each role can perform on specific resources.
Permission Matrix
Screenshot: Permission Matrix Page
Shows resources in rows, actions in columns, with checkboxes for each permission
The permission matrix displays:
- Role Selector — Choose which role to configure
- Category Tabs — Filter resources by category
- Resource Rows — Each resource that can be protected
- Action Columns — Checkboxes for each action type
Understanding Resources and Actions
Resources are system entities that can be accessed:
| Resource | Category | Description |
|---|---|---|
user | Administration | User accounts and management |
master_data | Administration | System reference data |
report | Administration | System reports |
study | Design | Clinical studies |
site | Design | Trial sites |
personnel | Design | Study team members |
ecrf_designer | Design | Electronic CRF form designer |
study_site | Design | Study-site assignments |
study_subject | Design | Study-subject enrollments |
subject | Execution | Study participants (Subjects) |
crf | Execution | Case Report Forms |
crf_entry | Execution | CRF data entries |
demographics | Execution | Subject demographic data |
vitals | Execution | Vital signs records |
eligibility | Execution | Eligibility criteria |
consent | Execution | Consent records |
adverse_event | Execution | Adverse event reports |
laboratory | Execution | Laboratory results |
physical_examination | Execution | Physical exam records |
family_medical_history | Execution | Family medical history |
concomitant_medication | Execution | Concomitant medications |
events | Execution | Study events/visits |
Actions are operations that can be performed:
| Action | Description | UI Element |
|---|---|---|
create | Create new records | "Add" button in toolbar |
read | View existing records | View data, "View" option in menu |
update | Modify existing records | "Edit" option in row action menu |
delete | Delete individual records | "Delete" option in row action menu |
bulk_delete | Delete multiple records at once | Checkboxes + "Delete Selected" button |
export | Export data to external formats | "Export" button |
import | Import data from external sources | "Import" button |
generate | Generate reports or documents | "Generate" button (Reports) |
These are separate permissions:
- Delete — Shows "Delete" option in the row action menu (⋮) for individual records
- Bulk Delete — Shows checkboxes in the table and "Delete Selected" button for batch operations
Enable both if you want users to delete records individually AND in bulk.
Editing Permissions
To grant or revoke a permission:
- Select the role from the dropdown
- Navigate to the appropriate category tab (Administration, Design, Execution)
- Find the resource row
- Check or uncheck the action checkbox
Screenshot: Editing a Permission
Shows checkbox being toggled with saving indicator
Changes take effect immediately. A toast notification confirms the update.
If a checkbox appears greyed out and disabled, it means that action is not available for that resource. Hover over it to see more details. Not all actions apply to every resource.
Stats Overview
At the top of the page, summary cards show:
- Total Roles — Number of configured roles
- Resources — Number of protected resources
- Actions — Number of available actions
- Permission Records — Total permission entries in the system
Navigation
The Navigation page controls which sidebar menu items are visible to each role.
Navigation Matrix
Screenshot: Navigation Permissions Page
Shows navigation items in rows, roles in columns, with visibility checkboxes
The navigation matrix displays:
- Navigation Items — Sidebar menu entries (Dashboard, Studies, Subjects, etc.)
- Role Columns — Checkbox for each role's visibility
- Sort Order — Items are displayed in their sidebar order
Navigation Items
| Navigation Item | Description |
|---|---|
| Dashboard | Role-specific home dashboard |
| Studies | Clinical studies list |
| Subjects | Subject/participant list |
| Sites | Trial sites management |
| eCRF Designer | Form designer (opens Frappe) |
| Master Data | System reference data |
| Management | Admin settings and users |
Configuring Visibility
To show or hide a navigation item for a role:
- Find the navigation item row
- Check or uncheck the checkbox under the role column
Screenshot: Toggling Navigation Visibility
Shows checkbox being toggled for a navigation item
Users will see the updated sidebar on their next page load.
How Permissions Affect the UI
Permissions control what users see and can do throughout the application.
Button Visibility
Buttons are automatically shown or hidden based on permissions:
Screenshot: Button Visibility Comparison
Left: Admin sees Add, Edit, Delete buttons. Right: Coordinator sees only View.
| Permission | Buttons Shown |
|---|---|
create | Add, Create, New |
update | Edit, Save, Update |
delete | Delete, Remove |
export | Export, Download |
bulk_delete | Bulk Delete, Select All |
Sidebar Navigation
The sidebar adapts based on navigation permissions:
Screenshot: Sidebar Comparison by Role
Side-by-side: Admin sidebar vs Study Coordinator sidebar
Data Filtering
Beyond visibility, some roles see filtered data:
| Role | Data Scope |
|---|---|
| Platform Administrator | All studies, all subjects, all sites |
| Study Designer | All studies (configuration view) |
| Study Coordinator | Only assigned studies and subjects |
| Principal Investigator | Only assigned studies (read-only) |
Best Practices
Principle of Least Privilege
Grant only the permissions necessary for each role to perform their duties:
- Start with minimal permissions
- Add permissions as needed
- Review permissions regularly
Testing Changes
After modifying permissions:
- Log in as a user with the modified role
- Verify buttons appear/disappear correctly
- Check that navigation items are correct
- Confirm data access is appropriately scoped
Common Configurations
Study Coordinator typically needs:
subject: create, read, updatevitals: create, read, updateadverse_event: create, read, update- Navigation: Dashboard, Studies, Subjects
Principal Investigator typically needs:
study: readsubject: readadverse_event: read- Navigation: Dashboard, Studies, Subjects
Study Designer typically needs:
study: create, read, updatesite: create, read, updatepersonnel: create, read, updatecrf: create, read, update- Navigation: Dashboard, Studies, eCRF Designer
Refreshing Permissions
If permissions don't seem to update:
- Click the Refresh button on the Permissions or Navigation page
- Have the user refresh their browser
- The user may need to log out and log back in
Permissions are cached for performance. The refresh button forces a reload from the server.